<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

/*
Add/Remove Products from User's Account
*/
require_once("global.php");
global $HTTP_POST_VARS,$HTTP_GET_VARS;
if(!isset($user5)||$user5=="NULL"){
	if(isset($HTTP_POST_VARS['user5']))	$user5=$HTTP_POST_VARS['user5'];
	else $user5=$HTTP_GET_VARS['user5'];
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title>Change <?php print $user5; ?>'s Products</title>
<style type="text/css">
<!--
input,select{
	color: #333333;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight: normal;
	border-color: #333333;
	text-indent: 2px; 
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px; 
	background: #f8f8f8;
}
input.button {
	background-color: #F8F8F8;
	color: #333333;
	border-color: black;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight : bold;
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px; 
}
-->
</style>
</head>
<body>
<?php
if(!isset($stage)){
	?>
	<P align=center><STRONG><FONT face=Verdana>Edit Products for <?php print $user5; ?></FONT></STRONG></P>
	<table align="center" cellspacing="0" cellpadding="2" border="0">
	<?php print listcells(); ?>
	<tr>
		<td colspan="2">&nbsp;</td>
	</tr>
	<tr>
	    <td colspan="2">
			<P align=center><?php print proddrop(); ?></P>
		</td>
	</tr>
	</table>
	<?php
}
elseif($stage=="2"){
	//remove file
	if($action=="remove"){
		$sql="UPDATE ".$config->dt['transactions']." SET status='ARCHIVE' WHERE txn_id='$id'";
		$result=mysql_query($sql);
		if(!$result){
			print "Remove Failed<br>";
			mysql_error();
		}
		else{
			print "Success";
		}
		print "<br><a href='".$PHP_SELF."?user5=$user5'>Return</a>";
	}
	//add file
	elseif($action=="add"){
		//generate id
			while(true){//do until random value is found
				//seed the random numbers using the microsecond seed function
				srand(make_seed());
				//generate random value
				$randval=rand();
				$txn_id=$randval;
				//check that txn_id (UNQIUE TRANSACTION ID) has not been previously processed
		  		$sql="SELECT * FROM ".$config->dt['transactions']." WHERE txn_id='".$txn_id."'";
				$result=mysql_query($sql);
				$rows=mysql_num_rows($result);
				if($rows==0)
					break;
			}
		//get email
		$sql="SELECT ".$config->field['userid'].",".$config->field['email']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='$user5'";
		$result=mysql_query($sql);
		$val=mysql_fetch_array($result);
		//get product name
		$sql2="SELECT * FROM ".$config->dt['files']." WHERE id='".$form_addp."'";
		$result2=mysql_query($sql2);
		$val2=mysql_fetch_array($result2);
		//insert data
		$sql="INSERT INTO ".$config->dt['transactions']." (id,txn_id, timestamp,update_timestamp, payer_email, item_name, num_cart_items, quantity, file_id, uid, status) VALUES ('','".$txn_id."','".time()."','".time()."','".$val[$config->field['email']]."','".$val2['name']."','0','1','".$form_addp."','".$val[$config->field['userid']]."','ACTIVE');";
		$result=mysql_query($sql);
		if(!$result){
			print "Add Failed<br>";
			mysql_error();
		}
		else{
			print "Success";
		}
		print "<br><a href='".$PHP_SELF."?user5=$user5'>Return</a>";
	}
	//problem
	else{
		print "Undefined Action";
	}
}
?>	
</body>
</html>
<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
//FUNCTIONS
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\

//generate the cells for the list of products (with remove button)
function listcells(){
	global $config,$user5,$PHP_SELF;
	ob_start();//start content buffer
	
	$sql="SELECT ".$config->field['userid']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='$user5'";
	$result=mysql_query($sql);
	$val=mysql_fetch_array($result);
	
	//select all of user's purchases from transaction log for paid
	$sql="SELECT * FROM ".$config->dt['transactions']." WHERE uid='".$val[$config->field['userid']]."'";
	$result=mysql_query($sql);
	while($v=@mysql_fetch_array($result)){
		//select data from the file table for the download
		$sql2="SELECT * FROM ".$config->dt['files']." WHERE id='".$v['file_id']."'";
		$result2=mysql_query($sql2);
		while($value2=mysql_fetch_array($result2)){
			?>
			<tr>
	    		<td valign="middle"><b><?php print $value2['name']; ?></b><?php if($v['status']=="ARCHIVE") print "&nbsp;(DISABLED)"; ?></td>
	    		<form action="<?php print $PHP_SELF; ?>" method="post">
				<td valign="middle">
					<input type="hidden" name="stage" value="2">
					<input type="hidden" name="user5" value="<?php print $user5; ?>">
					<input type="hidden" name="action" value="remove">
					<input type="hidden" name="id" value="<?php print $v['txn_id']; ?>">
					<?php if($v['status']=="ACTIVE") { ?><input type="submit" value="Remove"><?php } ?>
				</td>
				</form>
			</tr>
			<?php
		}//end while
	}//end while 1
	$content=ob_get_contents();//store content to global buffer var
	ob_end_clean();
	return $content;
}//end function

//generate the dropdown of products (with add button)
function proddrop(){
	global $config,$user5,$PHP_SELF;
	ob_start();//start content buffer
	$sql="SELECT * FROM ".$config->dt['files']." WHERE permissions='paid'";
	$result=mysql_query($sql);
	print '<form action="'.$PHP_SELF.'" method="post">';
	print '<select name="form_addp" size="1">';
	while($v=@mysql_fetch_array($result)){
		?>
			<option value="<?php print $v['id']; ?>"><?php print $v['name']; ?></option>
		<?php
	}
	print '</select>';
	?>
		<input type="hidden" name="action" value="add">
		<input type="hidden" name="stage" value="2">
		<input type="hidden" name="user5" value="<?php print $user5; ?>">
		<input type="submit" value="Add">
	<?php
	print '</form>';
	$content=ob_get_contents();//store content to global buffer var
	ob_end_clean();
	return $content;
}//end function
?>
